Weekly Whaaa…? I’m doing a few of these quite a bit after the fact.
ACLU Idaho & Alison Macrina at Meridian Public Library
These two presenters were stellar. Here’s just a bit of my notes from each. If you want notes in their entirety, feel free to contact me to ask!
Ritchie Eppink from ACLU Idaho
Libraries are places that manage a bunch of data about a bunch of other people.
- Collection processes. Do we need all the fields that we request? Do we need someone’s gender identity? Do we need their birthdate? Do we need their name, even? Is the point to use these things as collateral, so that we can retrieve things / take things from them?
- What about anonymous identity cards? What about allowing patrons to put down i.e. $100.00 in cash in exchange for borrowing privileges, and then limit them to ~$100 in material at any time?
- Data retention: How long are we retaining data? Do we need it for this long? They’re working with law enforcement systems on body cameras, can be valuable but also involves bulk data collection that exists with NSA. Classic example is if a place has a hand-written sign-in sheet (like a spreadsheet) vs individuated slips. How to atomize data as much as possible, vs having to turn over data in bulk?
- Data protection: Time spent on this builds off of collection & retention processes. Can just not even collect things like gender identity.
Once something’s returned, we might make sure not to keep that data. Instead, just keep records on what is currently checked out to a patron.
Alison Macrina from Library Freedom Project
Best kind of software to protect privacy is free, open-source software (FOSS). This is relevant to your privacy because transparency of code allows for review and therefore avoidance of secret backdoor for privacy.
- easy to use, modern browser
- not secure by design
- use it when Tor browser gets weird
- many privacy extensions are available
- actually a patched version of Firefox
- some usability barriers
- very secure
- use until it does something you don’t understand
- bundled with HTTPS Everywhere and NoScript extensions
- don’t add any more extensions!
- have both it and Firefox on each machine. Have firefox with “use internet” and Tor browser with “use internet privately” in background.
Tor Browser obscures location in a circuit, and each thing in a circuit knows only about where it’s going next, no where about where it came from or its eventual internet destination. Privacy going forward.
Every new tab you open thinks you’re a totally different person.
This is application-level privacy. Also doesn’t save browsing history, your settings, a cache, anything. It information is saved, it can be subpoenaed or exploited.
Even after using tools like DeepFreeze & CleanSlate, information can be recovered with forensic things
Tor relays in libraries:
- you’ll need one PC or virtual machine with Linux Debian
- fast relays are 10 Mbytes
- more relays mean faster browsing and more anonymity
- won’t affect patron traffic, lives on its own ISP
- can also run a non-exit relay with a lot less than 10 Mbytes
Vice Motherboard article on Lebanon, NH: 80 emails, only 2 negative, the rest were really glowing in praise of privacy.